Skip to main content

AWS CloudTrail

Pack assets​

Templates​

The Monitoring Connector Amazon CloudTrail brings a host template:

  • Cloud-Aws-CloudTrail

The connector brings the following service templates (sorted by the host template they are attached to):

Service AliasService TemplateService Description
Cloudtrail-Check-Trail-StatusCloud-Aws-Cloudtrail-Check-Trail-Status-ApiCheck trail status
Cloudtrail-Count-EventsCloud-Aws-Cloudtrail-Count-Events-ApiCheck cloudtrail events

The services listed above are created automatically when the Cloud-Aws-CloudTrail host template is used.

Collected metrics & status​

Here is the list of services for this connector, detailing all metrics linked to each service.

Metric nameUnit
trail_is_logging

Prerequisites​

AWS Configuration​

Configure a service account (access/secret key combo) for which the following privileges have to be granted:

AWS PrivilegeDescription
cloudtrail:GetTrailStatusReturns a JSON-formatted list of information about the specified trail.
cloudtrail:LookupEventsLooks up management events or CloudTrail Insights events that are captured by CloudTrail.

Plugin dependencies​

To interact with the Amazon APIs, you can use either use the awscli binary provided by Amazon or paws, a Perl AWS SDK (recommended). You must install it on every poller expected to monitor AWS resources.

For now, it is not possible to use paws if you are using a proxy to reach the AWS Cloudwatch APIs.

yum install perl-Paws

Installing the monitoring connector​

Pack​

  1. If the platform uses an online license, you can skip the package installation instruction below as it is not required to have the connector displayed within the Configuration > Monitoring Connector Manager menu. If the platform uses an offline license, install the package on the central server with the command corresponding to the operating system's package manager:
dnf install centreon-pack-cloud-aws-cloudtrail
  1. Whatever the license type (online or offline), install the Amazon CloudTrail connector through the Configuration > Monitoring Connector Manager menu.

Plugin​

Since Centreon 22.04, you can benefit from the 'Automatic plugin installation' feature. When this feature is enabled, you can skip the installation part below.

You still have to manually install the plugin on the poller(s) when:

  • Automatic plugin installation is turned off
  • You want to run a discovery job from a poller that doesn't monitor any resource of this kind yet

More information in the Installing the plugin section.

Use the commands below according to your operating system's package manager:

dnf install centreon-plugin-Cloud-Aws-Cloudtrail-Api

Using the monitoring connector​

Using a host template provided by the connector​

  1. Log into Centreon and add a new host through Configuration > Hosts.
  2. Fill the Name, Alias & IP Address/DNS fields according to your ressource settings.
  3. Apply the Cloud-Aws-CloudTrail-custom template to the host. A list of macros appears. Macros allow you to define how the connector will connect to the resource, and to customize the connector's behavior.
  4. Fill in the macros you want. Some macros are mandatory.
MacroDescriptionDefault valueMandatory
AWSACCESSKEYSet AWS access keyX
AWSASSUMEROLESet ARN of the role to be assumed
AWSCUSTOMMODEChoose a custom modeX
AWSREGIONSet the region nameX
AWSSECRETKEYSet AWS secret keyX
PROXYURLProxy URL if any
EXTRAOPTIONSAny extra option you may want to add to every command (E.g. a --verbose flag). All options are listed here
  1. Deploy the configuration. The host appears in the list of hosts, and on the Resources Status page. The command that is sent by the connector is displayed in the details panel of the host: it shows the values of the macros.

Using a service template provided by the connector​

  1. If you have used a host template and checked Create Services linked to the Template too, the services linked to the template have been created automatically, using the corresponding service templates. Otherwise, create manually the services you want and apply a service template to them.
  2. Fill in the macros you want (e.g. to change the thresholds for the alerts). Some macros are mandatory (see the table below).
MacroDescriptionDefault valueMandatory
TRAILNAMEFilter by trail nameX
EXTRAOPTIONSAny extra option you may want to add to the command (E.g. a --verbose flag). All options are listed here
  1. Deploy the configuration. The service appears in the list of services, and on the Resources Status page. The command that is sent by the connector is displayed in the details panel of the service: it shows the values of the macros.

How to check in the CLI that the configuration is OK and what are the main options for?​

Once the plugin is installed, log into your Centreon poller's CLI using the centreon-engine user account (su - centreon-engine). Test that the connector is able to monitor an AWS Instance using a command like this one (replace the sample values by yours):

/usr/lib/centreon/plugins//centreon_aws_cloudtrail_api.pl \
--plugin=cloud::aws::cloudtrail::plugin \
--custommode='awscli' \
--aws-secret-key='***' \
--aws-access-key='***' \
--region='eu-west-1' \
--proxyurl='http://myproxy.mycompany.org:8080' \
--mode=checktrailstatus \
--trail-name='my-trail'

The expected command output is shown below:

OK: Trail is logging: 1 | 'trail_is_logging'=1;;;0;

Troubleshooting​

Please find the troubleshooting documentation for Centreon Plugins typical issues.

Available modes​

All available modes can be displayed by adding the --list-mode parameter to the command:

/usr/lib/centreon/plugins//centreon_aws_cloudtrail_api.pl \
--plugin=cloud::aws::cloudtrail::plugin \
--list-mode

The plugin brings the following modes:

ModeLinked service template
checktrailstatusCloud-Aws-Cloudtrail-Check-Trail-Status-Api
counteventsCloud-Aws-Cloudtrail-Count-Events-Api

Available custom modes​

This connector offers several ways to connect to the resource (CLI, library, etc.), called custom modes. All available custom modes can be displayed by adding the --list-custommode parameter to the command:

/usr/lib/centreon/plugins//centreon_aws_cloudtrail_api.pl \
--plugin=cloud::aws::cloudtrail::plugin \
--list-custommode

The plugin brings the following custom modes:

  • awscli
  • paws

Available options​

Generic options​

All generic options are listed here:

OptionDescriptionType
--modeChoose a mode.Global
--dyn-modeSpecify a mode with the path (separated by '::').Global
--list-modeList available modes.Global
--mode-versionCheck minimal version of mode. If not, unknown error.Global
--versionDisplay plugin version.Global
--custommodeChoose a custom mode.Global
--list-custommodeList available custom modes.Global
--multipleMultiple custom mode objects (required by some specific modes)Global
--pass-managerUse a password manager.Global
--verboseDisplay long output.Output
--debugDisplay also debug messages.Output
--filter-perfdataFilter perfdata that match the regexp.Output
--filter-perfdata-advAdvanced perfdata filter. Eg: --filter-perfdata-adv='not (%(value) == 0 and %(max) eq "")'Output
--explode-perfdata-maxPut max perfdata (if it exist) in a specific perfdata (without values: same with '_max' suffix) (Multiple options)Output
--change-perfdata --extend-perfdataChange or extend perfdata. Syntax: --extend-perfdata=searchlabel,newlabel,target[,[newuom],[min],[m ax]] Common examples: Change storage free perfdata in used: --change-perfdata=free,used,invert() Change storage free perfdata in used: --change-perfdata=used,free,invert() Scale traffic values automaticaly: --change-perfdata=traffic,,scale(auto) Scale traffic values in Mbps: --change-perfdata=traffic_in,,scale(Mbps),mbps Change traffic values in percent: --change-perfdata=traffic_in,,percent()Output
--extend-perfdata-groupExtend perfdata from multiple perfdatas (methods in target are: min, max, average, sum) Syntax: --extend-perfdata-group=searchlabel,newlabel,target[,[newuom],[m in],[max]] Common examples: Sum wrong packets from all interfaces (with interface need --units-errors=absolute): --extend-perfdata-group=',packets_wrong,sum(packets_(discard |error)_(in|out))' Sum traffic by interface: --extend-perfdata-group='traffic_in_(.*),traffic_$1,sum(traf fic_(in|out)_$1)'Output
--change-short-output --change-long-outputChange short/long output display: --change-short-output=patternreplacemodifierOutput
--change-exitChange exit code: --change-exit=unknown=criticalOutput
--range-perfdataChange perfdata range thresholds display: 1 = start value equals to '0' is removed, 2 = threshold range is not display.Output
--filter-uomFilter UOM that match the regexp.Output
--opt-exitOptional exit code for an execution error (i.e. wrong option provided, SSH connection refused, timeout, etc) (Default: unknown).Output
--output-ignore-perfdataRemove perfdata from output.Output
--output-ignore-labelRemove label status from output.Output
--output-xmlDisplay output in XML format.Output
--output-jsonDisplay output in JSON format.Output
--output-openmetricsDisplay metrics in OpenMetrics format.Output
--output-fileWrite output in file (can be used with json and xml options)Output
--disco-formatDisplay discovery arguments (if the mode manages it).Output
--disco-showDisplay discovery values (if the mode manages it).Output
--float-precisionSet the float precision for thresholds (Default: 8).Output
--source-encodingSet encoding of monitoring sources (In some case. Default: 'UTF-8').Output

Custom modes options​

All custom modes specific options are listed here:

OptionDescriptionType
--aws-secret-keySet AWS secret key.Awscli
--aws-access-keySet AWS access key.Awscli
--aws-session-tokenSet AWS session token.Awscli
--aws-role-arnSet arn of the role to be assumed.Awscli
--aws-profileSet AWS profile.Awscli
--endpoint-urlOverride AWS service endpoint URL if necessary.Awscli
--regionSet the region name (Required).Awscli
--periodSet period in seconds.Awscli
--timeframeSet timeframe in seconds.Awscli
--statisticSet cloudwatch statistics (Can be: 'minimum', 'maximum', 'average', 'sum').Awscli
--zeroedSet metrics value to 0 if none. Usefull when CloudWatch does not return value when not defined.Awscli
--timeoutSet timeout in seconds (Default: 50).Awscli
--sudoUse 'sudo' to execute the command.Awscli
--commandCommand to get information (Default: 'aws'). Can be changed if you have output in a file.Awscli
--command-pathCommand path (Default: none).Awscli
--command-optionsCommand options (Default: none). Only use for testing purpose, when you want to set ALL parameters of a command by yourself.Awscli
--proxyurlProxy URL if anyAwscli
--skip-ssl-checkAvoid certificate issuer verification. Useful when AWS resources are hosted by a third-party. Note that it strips all stderr from the command result. Will be enhanced someday. Debug will only display CLI instead of evreything.Awscli

Modes options​

All modes specific options are listed here:

OptionDescriptionType
--trail-nameFilter by trail name.Mode

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins//centreon_aws_cloudtrail_api.pl \
--plugin=cloud::aws::cloudtrail::plugin \
--custommode='' \
--help